To create the signature file, make a PKCS #7 detached signature of the
manifest file, using the private key associated with your signing
certificate. Include the WWDR intermediate certificate as part of the
signature. You can download this certificate from Apple’s website.
Write the signature to the file signature at the top level of the pass
package. Include the date and time that the pass was signed using the
S/MIME signing-time attribute.

My understanding:

To create the signature file, make a PKCS #7 detached signature of the manifest file